vb.org Archive
Page 10 of 11 « First 89 10 11
Show 40 post(s) from this thread on one page

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vB4 General Discussions (https://vborg.vbsupport.ru/forumdisplay.php?f=251)
-   -   Th3H4ck hacked hundreds of VB forums over the last two days. (https://vborg.vbsupport.ru/showthread.php?t=301904)

mrdiger 09-19-2013 06:19 AM
Also found my site hacked today! (only front page, forums still works)
I run 4.1.1

Any idea what i can do to fix this?

Thanks alot!!


This is what they did, cp log:
Quote:

15389 N/A 04:08, 19th Sep 2013 admincalendar.php modify 36.74.252.52
15388 N/A 04:08, 19th Sep 2013 admincalendar.php update 36.74.252.52
15387 N/A 04:07, 19th Sep 2013 admincalendar.php add 36.74.252.52
15386 N/A 04:07, 19th Sep 2013 admincalendar.php modify 36.74.252.52
15385 N/A 04:07, 19th Sep 2013 plugin.php doimport 36.74.252.52
15384 N/A 04:07, 19th Sep 2013 plugin.php files 36.74.252.52
15383 N/A 03:18, 19th Sep 2013 plugin.php 65.49.14.143
15382 N/A 03:18, 19th Sep 2013 plugin.php doimport 65.49.14.143
15381 N/A 03:18, 19th Sep 2013 plugin.php files 65.49.14.143
15392 N/A 04:08, 19th Sep 2013 faq.php insert 36.74.252.52
15391 N/A 04:08, 19th Sep 2013 faq.php add 36.74.252.52
15390 N/A 04:08, 19th Sep 2013 admincalendar.php edit calendar id = 2

New Joe 09-19-2013 06:53 AM
Quote:
Originally Posted by Paul M (Post 2446446)

Maybe you should get facts right before making silly statements.

There was an e-mail .
But not till a week after vB published it over on vB com
Why did it take a week Paul for the e mail to be sent after the Thread was made on vB com?

loua_oz 09-19-2013 07:22 AM
I wonder if VB staff get fired for telling customers they are silly. In my company he would be history and marched out with security escort that minute.

Amateurs, should not comment, have to set some place where official comment is given.

loua_oz 09-19-2013 07:26 AM
1 Attachment(s)
Quote:
Originally Posted by xenite (Post 2446540)
Sorry. It's the CONTROL PANEL LOG that will tell you anything useful. (ON EDIT: About the IP address they used.)
CP transaction log, 3 pics. N/A is his user name (or instead of it).

Last picture is when he actually disabled admin account (played a clip when trying to enter Admin) but the site was working.

loua_oz 09-19-2013 12:20 PM
vB staff, provide some sweep that would tell your paying customers what is wrong with their sites.
Your product, easily hacked, even for fun, may have deprived some of your customers of their bread.

As it is now, you (vB) are out of business and possibly out of your jobs.

Zachery 09-19-2013 12:26 PM
You mean the giant guides that have been repeatedly posted on vBulletin.com and .org about how to find whats wrong, and fix your site?


Please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked

http://www.vbulletin.com/forum/blogs...vbulletin-site

If you're actually looking for support, vBulletin.com forums, and or the members area would be the correct place to post.

TheLastSuperman 09-19-2013 12:38 PM
Quote:
Originally Posted by loua_oz (Post 2446648)
I wonder if VB staff get fired for telling customers they are silly. In my company he would be history and marched out with security escort that minute.

Amateurs, should not comment, have to set some place where official comment is given.
Paul is hardly an amateur and everyone is entitled to their own opinions.

Quote:
Originally Posted by loua_oz (Post 2446676)
vB staff, provide some sweep that would tell your paying customers what is wrong with their sites.
Your product, easily hacked, even for fun, may have deprived some of your customers of their bread.

As it is now, you (vB) are out of business and possibly out of your jobs.
I understand you're upset however this is vbulletin.org, we are simply here to assist with the modifications listed on this site not to bash on the product/company itself.

Ladies and Gentlemen, this type of stuff happens on occasion with virtually all online software at some point in it's lifetime if not multiple times and yes that includes php/apache that runs on your server and allows vBulletin, wordpress, and countless other software to run, vulnerabilities/exploits can exist on more than one level. When you're hacked it's very unfortunate and often times more than simply upsetting if data is lost however the best thing to do in a situation like that is to focus, fix your site first then worry about posting opinions - we are all entitled to them but be sure you take care of business first i.e. your site and also direct your anger accordingly :cool:.

loua_oz 09-19-2013 12:38 PM
Quote:
Originally Posted by Zachery (Post 2446677)
You mean the giant guides that have been repeatedly posted on vBulletin.com and .org about how to find whats wrong, and fix your site?


Please read the following two blog posts:
http://www.vbulletin.com/forum/blogs...ve-been-hacked

http://www.vbulletin.com/forum/blogs...vbulletin-site

If you're actually looking for support, vBulletin.com forums, and or the members area would be the correct place to post.
A blatant, fundamental lack of understanding what the term "customer" means.

I don't need support, I want the product that I have bought to function properly. Not to be redirected to lessons.

I can teach you one: the biggest asset any company has are their customers. Thousands of talented people found themselves out of their jobs because there were no customers for whatever they were making.

Where is a tool that every customer of vB can run and see if they are in danger?
Providing you have any idea what the dangers could be.

Shame on you.

Zachery 09-19-2013 12:45 PM
You know what, never mind.

loua_oz 09-19-2013 12:51 PM
Quote:
Originally Posted by TheLastSuperman (Post 2446678)
Paul is hardly an amateur and everyone is entitled to their own opinions.



I understand you're upset however this is vbulletin.org, we are simply here to assist with the modifications listed on this site not to bash on the product/company itself.

Ladies and Gentlemen, this type of stuff happens on occasion with virtually all online software at some point in it's lifetime if not multiple times and yes that includes php/apache that runs on your server and allows vBulletin, wordpress, and countless other software to run, vulnerabilities/exploits can exist on more than one level. When you're hacked it's very unfortunate and often times more than simply upsetting if data is lost however the best thing to do in a situation like that is to focus, fix your site first then worry about posting opinions - we are all entitled to them but be sure you take care of business first i.e. your site and also direct your anger accordingly :cool:.
Yet another confirmation vB staff do not understand what a product means. Theirs appears to be a Mickey Mouse, any kid can hack it. As they have, are doing, and will be doing.

Make vB free and then OK.
Charge for it, you may be in court, in the dock.


All times are GMT. The time now is 10:21 AM.
Page 10 of 11 « First 89 10 11
Show 40 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01249 seconds
  • Memory Usage 1,752KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (7)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (3)pagenav_pagelink
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (10)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • pagenav_page
  • pagenav_complete
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete